Since March 2023, a new ransomware gang called Cactus has been active. The criminals gain initial access by exploiting vulnerabilities in VPN appliances, increasingly target large companies, and already demand large ransoms. In this blog post, we explain how the Cactus ransomware works and what is known so far.
Cyber criminals constantly come up with new ways to deliver malware and compromise systems, and ransomware is no exception. As reported by “BleepingComputer”, a new ransomware variant called “Cactus” has appeared that mainly exploits weaknesses in VPN appliances to get into corporate networks. Its distinguishing feature: the Cactus binary is stored in encrypted form and only decrypts itself at launch, which makes detection by signature-based antivirus software considerably harder.
Ransomware is malware that, once it runs on a victim's system, encrypts files so that programs and users can no longer access them. The criminals then demand a ransom in exchange for the key needed to decrypt the files.
What makes Cactus more dangerous than other ransomware variants is that the attackers also encrypt the ransomware binary itself, so the payload is not readable on disk.
The observed attacks start with known vulnerabilities in Fortinet VPN appliances. After getting onto the network through the VPN, the attackers run a batch script that downloads the actual ransomware as a compressed archive and extracts it. The extracted binary is encrypted and does not run on its own: it must be started with a key supplied as a command-line parameter, which it uses to decrypt itself in memory before encrypting the files on the affected system. Without that key, the file on disk is an opaque encrypted blob, so a scanner looking for known byte patterns finds nothing to match.
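The following added example illustrates why this trick defeats static signatures, and which check still works. It is illustration code written for this post, not Cactus code: the payload, the "signature" string, and the toy HMAC-SHA256 counter-mode cipher (used so the script runs on the standard library; a real packer would use AES) are all constructed stand-ins. The binary is "packed" with a key, a signature scan of the packed file fails, a Shannon-entropy check flags it anyway, and only the correct command-line key restores the original bytes.

```python
"""Self-encrypting payload unlocked by a command-line key: packer, failed
signature scan, entropy heuristic, and unpacking (illustrative only)."""
import hashlib
import hmac
import math
import os
import sys
from collections import Counter

# Constructed stand-in for the real payload and for the byte pattern an
# antivirus signature would match inside it.
PAYLOAD = b"DEMO-PAYLOAD: encrypt all files, drop ransom note, contact gang" * 16
SIGNATURE = b"drop ransom note"
NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode. Stand-in for AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def derive_key(password: str) -> bytes:
    """Turn the command-line key into a fixed-size cipher key."""
    return hashlib.sha256(password.encode()).digest()


def pack(payload: bytes, password: str) -> bytes:
    """Encrypt the payload; the result is what would be written to disk."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(derive_key(password), nonce, len(payload))
    return nonce + bytes(a ^ b for a, b in zip(payload, ks))


def unpack(blob: bytes, password: str) -> bytes:
    """Decrypt at launch time with the key passed on the command line.
    A wrong key does not fail loudly; it simply yields garbage."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(derive_key(password), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def signature_match(data: bytes) -> bool:
    """What a classic signature scanner does: look for a known byte pattern."""
    return SIGNATURE in data


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Encrypted or compressed data sits near 8.0; plain
    text and ordinary executable code sit well below that."""
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_packed(data: bytes, threshold: float = 7.0) -> bool:
    """Heuristic that still fires on the encrypted blob: high entropy."""
    return shannon_entropy(data) > threshold


def main(argv):
    # Usage: python packer_demo.py <key>   (key assumed to be argv[1])
    key = argv[1] if len(argv) > 1 else "demo-key"
    on_disk = pack(PAYLOAD, key)
    print("signature hits plaintext :", signature_match(PAYLOAD))
    print("signature hits packed    :", signature_match(on_disk))
    print("entropy plaintext        : %.2f" % shannon_entropy(PAYLOAD))
    print("entropy packed           : %.2f" % shannon_entropy(on_disk))
    print("looks packed             :", looks_packed(on_disk))
    print("unpack with right key ok :", unpack(on_disk, key) == PAYLOAD)
    print("unpack with wrong key ok :", unpack(on_disk, key + "x") == PAYLOAD)


if __name__ == "__main__":
    main(sys.argv)
```

The point for defenders: a scanner that only matches byte patterns in files on disk never sees the payload, but the encrypted file has a telltale entropy profile, and the binary still has to be launched with its key, so process-creation monitoring (an executable started from a freshly extracted archive with an unusual command-line argument) catches what the signature misses.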
But that’s not all: before encryption, the files are copied to servers controlled by the attackers. This gives the gang a second lever. In addition to demanding a ransom for decrypting the files on the compromised system, the criminals can threaten to publish the stolen data. The Cactus ransom note mentions this threat explicitly.
Cactus mainly targets large companies holding a lot of sensitive data, because such companies are more willing to pay large sums to recover it. According to various reports, the ransom demands in previous Cactus attacks run into the millions, and each attack is tailored to the respective victim. It is not yet known which companies have been affected so far, and no stolen data has yet been published.
It is not yet known who is behind the new ransomware gang. The investigation is proceeding swiftly.
Cactus ransomware is extremely dangerous because its encrypted binary gives common virus scanners little to detect. There are nonetheless ways to protect yourself against these attacks, which we summarize below.
The cyber criminals behind Cactus ransomware have been active since at least March 2023. Cactus is particularly dangerous because its binary is stored encrypted and decrypts itself only at launch, which lets it slip past conventional signature-based antivirus scanners.
The main attack vector is vulnerabilities in VPN appliances, so protection starts at that entry point. Install the vendor's security updates for your VPN appliances promptly, keep a close eye on VPN logins and on your network, and react quickly to any anomalies such as unexpected scripts, archives being unpacked, or unfamiliar executables being launched on servers.
Ransomware remains a “never-ending story”: The new Cactus variant currently attacks primarily via Fortinet VPN servers. Its double-extortion approach, encrypting files and threatening to leak stolen data, is meant to push the ransom higher, and the attacks are tailored specifically to the respective victim. Therefore, please note our tips above on protection against Cactus ransomware.